authorNicholas Taylor <nicholas.e.taylor@gmail.com>2023-04-28 14:16:35 +0000
committerMatthias Andree <mandree@FreeBSD.org>2023-04-28 14:20:38 +0000
commit6ff53aa124d487f75e4bcdc2267f15acdc72f523 (patch)
tree201420d9e4fca1508f9198c00ce8ad4d62a9e885
parent5eded006ee5c17cbde9cfce4f83980d42d21d7d5 (diff)
print/ghostscript9-agpl-base: add patch to fix CVE-2023-28879
and bump PORTREVISION. vulndb update in upcoming separate commit. Security: CVE-2023-28879 Security: 25872b25-da2d-11ed-b715-a1e76793953b PR: 270823 MFH: 2023Q2 Approved by: hrs@ through maintainer timeout, 15d
-rw-r--r--print/ghostscript9-agpl-base/Makefile2
-rw-r--r--print/ghostscript9-agpl-base/files/patch-base_cbcp.c23
2 files changed, 24 insertions, 1 deletions
diff --git a/print/ghostscript9-agpl-base/Makefile b/print/ghostscript9-agpl-base/Makefile
index a63f0724fb5e..305e44397735 100644
--- a/print/ghostscript9-agpl-base/Makefile
+++ b/print/ghostscript9-agpl-base/Makefile
@@ -1,6 +1,6 @@
PORTNAME= ghostscript
PORTVERSION= 9.56.1
-PORTREVISION= 9
+PORTREVISION= 10
CATEGORIES= print
MASTER_SITES= https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs${PORTVERSION:S/.//g}/
PKGNAMESUFFIX= 9-agpl-base
diff --git a/print/ghostscript9-agpl-base/files/patch-base_cbcp.c b/print/ghostscript9-agpl-base/files/patch-base_cbcp.c
new file mode 100644
index 000000000000..f1048393c10c
--- /dev/null
+++ b/print/ghostscript9-agpl-base/files/patch-base_cbcp.c
@@ -0,0 +1,23 @@
+--- base/sbcp.c
++++ base/sbcp.c
+@@ -1,4 +1,4 @@
+-/* Copyright (C) 2001-2021 Artifex Software, Inc.
++/* Copyright (C) 2001-2023 Artifex Software, Inc.
+ All Rights Reserved.
+
+ This software is provided AS-IS with no warranty, either express or
+@@ -50,6 +50,14 @@ s_xBCPE_process(stream_state * st, stream_cursor_read * pr,
+ byte ch = *++p;
+
+ if (ch <= 31 && escaped[ch]) {
++ /* Make sure we have space to store two characters in the write buffer,
++ * if we don't then exit without consuming the input character, we'll process
++ * that on the next time round.
++ */
++ if (pw->limit - q < 2) {
++ p--;
++ break;
++ }
+ if (p == rlimit) {
+ p--;
+ break;
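Review bot: The new patch file is named `patch-base_cbcp.c`, but its embedded headers target `base/sbcp.c`; a name derived from the patched path, `patch-base_sbcp.c`, would make the CVE-2023-28879 fix easier to locate when auditing the port. The first embedded hunk only changes the copyright year and could be dropped, so the patch carries just the bounds check and is less likely to fail to apply on a version update. The added `pw->limit - q < 2` guard covers the two-byte escaped write. The body of `s_xBCPE_process` continues outside the hunk, so whether the unescaped single-byte write is bounded cannot be confirmed from here.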